topic Then we can call a Win from in Network Security

Bypass Mac Filter

Linkeichi — Sun, 10 Mar 2019 13:22:54 GMT

I have this network.

How can i block the Internet traffic to the smarphones devices but not the traffic of the laptop?

Cause they are bypassing the Mac filter, due that his packets are encapsulated with the MAC of the netbook.

There is a way that forces the Switch or the router to read the packets and find that the destiny MAC is another one, and is not in the approved MAC Table?

There are several ways, but

Karsten Iwen — Fri, 15 May 2015 15:31:01 GMT

There are several ways, but not on the switch-level. For example:

MDM for the Laptops that turns off tethering for smartphones
MDM for smartphones that turns off tethering to non-authorized systems
Firewalls that recognize the OS of the requesting devide

And any suggestion of a

Linkeichi — Fri, 15 May 2015 15:40:08 GMT

And any suggestion of a Router level commands?

no, also not for the router.

Karsten Iwen — Fri, 15 May 2015 16:03:47 GMT

no, also not for the router.

Then we can call a Win from

Linkeichi — Sat, 16 May 2015 01:43:21 GMT

Then we can call a Win from the workers of the company if the IT department doesn't have a Firewall?, Cause that is what happen here!! the workers bypass with their tablets, Smartphones even their notebooks connected to that hotspot of the permitted MAC.

One question more, there is some Router that has a integrated Firewall, from the Cisco Solutions?

I saw here a 4600 or 4500, I want to get in TI and this contribution will help me to gain points.

You should only call it a Win

Karsten Iwen — Sat, 16 May 2015 06:10:01 GMT

You should only call it a Win for the workers if there were any protection mechanisms. But MAC based filters are so weak and easily avoidable that they can't really be considered a protection mechanism.

For Firewalling, you need something that does next-generation firewalling. The firewall embedded in IOS is not enough.

Then i'll suggest a next-gen

Linkeichi — Sat, 16 May 2015 13:06:20 GMT

Then i'll suggest a next-gen firewall.

Any recommendation from Cisco one my friend?

There are two options from

Karsten Iwen — Sat, 16 May 2015 13:39:08 GMT

There are two options from Cisco:

Thank you, i appreciate so

Linkeichi — Sat, 16 May 2015 13:59:52 GMT

Thank you, i appreciate so much your tracking.